Date: Friday, October 24, 2014 @ 20:25:02 Author: dreisner Revision: 225277
upgpkg: ctags 5.8-5 - apply patch for CVE-2014-7204 (FS#42246) Added: ctags/trunk/CVE-2014-7204.patch Modified: ctags/trunk/PKGBUILD ---------------------+ CVE-2014-7204.patch | 102 ++++++++++++++++++++++++++++++++++++++++++++++++++ PKGBUILD | 14 +++++- 2 files changed, 113 insertions(+), 3 deletions(-) Added: CVE-2014-7204.patch =================================================================== --- CVE-2014-7204.patch (rev 0) +++ CVE-2014-7204.patch 2014-10-24 18:25:02 UTC (rev 225277) @@ -0,0 +1,102 @@ +From a499a10833d525c9af794c616dc40f7425110c71 Mon Sep 17 00:00:00 2001 +From: Colin Watson <[email protected]> +Date: Sat, 27 Sep 2014 14:37:19 +0100 +Subject: Changed the javascript parser to set the tag's scope rather than + including it in the tag name. + +Patch from Colomban. + +Author: David Fishburn +Origin: upstream, http://sourceforge.net/p/ctags/code/791/ +Bug-Debian: https://bugs.debian.org/742605 +Last-Update: 2014-09-27 + +Patch-Name: jscript-set-tag-scope.patch +--- + jscript.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 51 insertions(+), 3 deletions(-) + +diff --git a/jscript.c b/jscript.c +index 5de3367..a790355 100644 +--- a/jscript.c ++++ b/jscript.c +@@ -215,6 +215,7 @@ static void deleteToken (tokenInfo *const token) + * Tag generation functions + */ + ++/* + static void makeConstTag (tokenInfo *const token, const jsKind kind) + { + if (JsKinds [kind].enabled && ! token->ignoreTag ) +@@ -238,12 +239,13 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind) + + if (JsKinds [kind].enabled && ! token->ignoreTag ) + { +- /* ++ * + * If a scope has been added to the token, change the token + * string to include the scope when making the tag. +- */ ++ * + if ( vStringLength(token->scope) > 0 ) + { ++ * + fulltag = vStringNew (); + vStringCopy(fulltag, token->scope); + vStringCatS (fulltag, "."); +@@ -251,8 +253,54 @@ static void makeJsTag (tokenInfo *const token, const jsKind kind) + vStringTerminate(fulltag); + vStringCopy(token->string, fulltag); + vStringDelete (fulltag); ++ * ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ * ++ * if we're creating a function (and not a method), ++ * guess we're inside another function ++ * ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); ++ } ++ * makeConstTag (token, kind); * ++ makeTagEntry (&e); ++ } ++} ++*/ ++ ++static void makeJsTag (tokenInfo *const token, const jsKind kind) ++{ ++ if (JsKinds [kind].enabled && ! token->ignoreTag ) ++ { ++ const char *const name = vStringValue (token->string); ++ tagEntryInfo e; ++ initTagEntry (&e, name); ++ ++ e.lineNumber = token->lineNumber; ++ e.filePosition = token->filePosition; ++ e.kindName = JsKinds [kind].name; ++ e.kind = JsKinds [kind].letter; ++ ++ if ( vStringLength(token->scope) > 0 ) ++ { ++ jsKind parent_kind = JSTAG_CLASS; ++ ++ /* ++ * If we're creating a function (and not a method), ++ * guess we're inside another function ++ */ ++ if (kind == JSTAG_FUNCTION) ++ parent_kind = JSTAG_FUNCTION; ++ ++ e.extensionFields.scope[0] = JsKinds [parent_kind].name; ++ e.extensionFields.scope[1] = vStringValue (token->scope); + } +- makeConstTag (token, kind); ++ ++ makeTagEntry (&e); + } + } + Modified: PKGBUILD =================================================================== --- PKGBUILD 2014-10-24 18:22:31 UTC (rev 225276) +++ PKGBUILD 2014-10-24 18:25:02 UTC (rev 225277) @@ -4,15 +4,23 @@ pkgname=ctags pkgver=5.8 -pkgrel=4 +pkgrel=5 pkgdesc="Generates an index file of language objects found in source files" arch=('i686' 'x86_64') license=('GPL') depends=('glibc') url="http://ctags.sourceforge.net/"; -source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz";) -md5sums=('c00f82ecdcc357434731913e5b48630d') +source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz"; + "CVE-2014-7204.patch") +md5sums=('c00f82ecdcc357434731913e5b48630d' + '5fd1a8abb0e1e2d16fd4b8b870e03249') +prepare() { + cd ${srcdir}/${pkgname}-${pkgver} + + patch -Np1 <../CVE-2014-7204.patch +} + build() { cd ${srcdir}/${pkgname}-${pkgver}
